GHSA-p358-58jj-hp65

Suggest an improvement
Source
https://github.com/advisories/GHSA-p358-58jj-hp65
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p358-58jj-hp65/GHSA-p358-58jj-hp65.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-p358-58jj-hp65
Aliases
  • CVE-2013-3060
Published
2022-05-17T03:46:28Z
Modified
2024-03-18T13:06:32Z
Summary
Improper Authentication in Apache ActiveMQ
Details

The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.

Database specific
{
    "nvd_published_at": "2013-04-21T21:55:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-08T19:14:28Z"
}
References

Affected packages

Maven / org.apache.activemq:activemq-client

Package

Name
org.apache.activemq:activemq-client
View open source insights on deps.dev
Purl
pkg:maven/org.apache.activemq/activemq-client

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.8.0